CVE-2025-61830
BaseFortify
Publication date: 2025-11-11
Last updated on: 2026-03-31
Assigner: Adobe Systems Incorporated
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | pass_authentication | up to 3.8.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Adobe Pass versions 3.7.3 and earlier is an Incorrect Authorization issue that allows an attacker to bypass security measures and gain unauthorized read and write access. Exploiting this vulnerability requires user interaction, specifically that a victim installs a malicious SDK.
How can this vulnerability impact me?
An attacker who exploits this vulnerability can gain unauthorized read and write access to your system or data through Adobe Pass, potentially leading to data breaches or data manipulation. However, exploitation requires that a user installs a malicious SDK, so the attacker must first trick the user, for example through social engineering.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that users do not install untrusted or malicious SDKs, because exploitation depends on a victim installing a malicious SDK. Additionally, update Adobe Pass to a version later than 3.7.3 once available to fix the incorrect authorization issue.